Favoritebikes Help Center

Data Safety and Vulnerability Disclosure Policy

Vulnerability Disclosure Policy

Our commitment to data safety extends to transparent and responsible handling of potential security vulnerabilities. We encourage the responsible reporting of any vulnerabilities that may be found in our app or website. To report a vulnerability, please send us an email at info@favoritebikes.com. Your efforts to responsibly disclose your findings are truly appreciated, and we will ensure thorough investigation and response.

Classification and Grading of Vulnerabilities

Vulnerabilities reported to us are classified and graded into three categories based on their severity: low, medium, and high risk. The classification is determined by assessing the potential impact of the vulnerability on the confidentiality, integrity, and availability of our users' data and our systems.

  • High Risk: Vulnerabilities that could cause significant harm to our systems or compromise sensitive data.
  • Medium Risk: Vulnerabilities that may affect the performance or functionality of our services but are less likely to compromise user data directly.
  • Low Risk: Issues that pose minimal risk to the overall security of our systems and do not affect sensitive data or critical system functionality.

Response Times by Severity

We are committed to responding to reported vulnerabilities in a timely manner. Our response times vary according to the severity of the vulnerability:

  • High Risk: Response within 3 business days.
  • Medium Risk: Response within 5 business days.
  • Low Risk: Response within 7 business days.

Resolution Commitment Times

Upon identification and confirmation of a vulnerability, we are committed to resolving the issues based on their severity within the following timelines:

  • High Risk: Resolution within 15 business days.
  • Medium Risk: Resolution within 30 business days.
  • Low Risk: Resolution within 45 business days.

Vulnerability Resolution Process

Our process for addressing reported vulnerabilities is outlined in the following steps:

  1. Vulnerability Collection: Receive and log the vulnerability report.
  2. Vulnerability Analysis: Assess and classify the severity of the vulnerability.
  3. Vulnerability Resolution: Develop and implement a fix for the vulnerability.
  4. Testing: Thoroughly test the fix to ensure the vulnerability is resolved without introducing new issues.
  5. Release: Deploy the fix in a new release version of the app.

Release Version Disclosure

Upon resolving vulnerabilities, we will disclose the fixes in the release notes of new versions of our app, which can be found on our website. This ensures our users are informed about the measures taken to maintain the security and integrity of our systems.